package work

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"

	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/klog/v2"
	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

	workv1alpha1 "github.com/karmada-io/karmada/pkg/apis/work/v1alpha1"
	"github.com/karmada-io/karmada/pkg/util"
	"github.com/karmada-io/karmada/pkg/util/helper"
)

// MutatingAdmission is the mutating admission handler for Work objects. Its Handle method rewrites the
// manifests embedded in a Work so that server-populated fields are stripped before the object is stored.
type MutatingAdmission struct {
	// decoder decodes the object carried by an admission request. It is assigned by InjectDecoder and
	// is dereferenced by Handle without a nil check, so it must be injected before any request is served.
	decoder *admission.Decoder
}

// Compile-time assertions that *MutatingAdmission satisfies the admission.Handler and
// admission.DecoderInjector interfaces.
var (
	_ admission.Handler         = (*MutatingAdmission)(nil)
	_ admission.DecoderInjector = (*MutatingAdmission)(nil)
)

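// Handle mutates an incoming Work: every manifest in spec.workload.manifests is decoded, passed through
// removeIrrelevantField, re-encoded, and the result is returned as a patch against the raw request object.
//
// The manifests are supplied by whoever submitted the Work, so each decode and encode step is checked and
// any failure ends the request with an error response instead of admitting a partially processed object.
// Failures are logged together with the underlying error so a rejected request can be diagnosed from the
// webhook log alone.
func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) admission.Response {
	work := &workv1alpha1.Work{}

	// a.decoder is set by InjectDecoder; it is used here without a nil check.
	if err := a.decoder.Decode(req, work); err != nil {
		return admission.Errored(http.StatusBadRequest, err)
	}
	klog.V(2).Infof("Mutating work(%s) for request: %s", work.Name, req.Operation)

	// Left nil when the Work carries no manifests, exactly as before.
	var manifests []workv1alpha1.Manifest

	for _, manifest := range work.Spec.Workload.Manifests {
		// manifest.Raw is request content; it is only interpreted as generic JSON here.
		workloadObj := &unstructured.Unstructured{}
		if err := json.Unmarshal(manifest.Raw, workloadObj); err != nil {
			klog.Errorf("Failed to unmarshal work(%s) manifest to Unstructured: %v", work.Name, err)
			return admission.Errored(http.StatusInternalServerError, err)
		}

		if err := removeIrrelevantField(workloadObj); err != nil {
			klog.Errorf("Failed to remove irrelevant field for work(%s): %v", work.Name, err)
			return admission.Errored(http.StatusInternalServerError, err)
		}

		workloadJSON, err := workloadObj.MarshalJSON()
		if err != nil {
			klog.Errorf("Failed to marshal workload of work(%s): %v", work.Name, err)
			return admission.Errored(http.StatusInternalServerError, err)
		}
		manifests = append(manifests, workv1alpha1.Manifest{RawExtension: runtime.RawExtension{Raw: workloadJSON}})
	}

	work.Spec.Workload.Manifests = manifests
	marshaledBytes, err := json.Marshal(work)
	if err != nil {
		return admission.Errored(http.StatusInternalServerError, err)
	}

	// The patch is computed between the object as received and the mutated Work.
	return admission.PatchResponseFromRaw(req.Object.Raw, marshaledBytes)
}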

// InjectDecoder implements the admission.DecoderInjector interface.
// A decoder will be automatically injected; it is stored for later use by Handle.
// The method always returns nil and does not check that d is non-nil.
func (a *MutatingAdmission) InjectDecoder(d *admission.Decoder) error {
	a.decoder = d
	return nil
}

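// removeIrrelevantField strips fields that are generated by kube-apiserver and that need not, or cannot, be
// propagated to member clusters.
//
// The workload originates from a manifest embedded in a submitted Work, so its shape is not trusted here:
// the ServiceAccount branch type-checks every entry of 'secrets' before reading it instead of asserting,
// because a failed unchecked assertion would panic inside the admission handler.
//
// It returns an error when a Job cannot be converted, when the Job selector cleanup fails, or when the
// filtered ServiceAccount secrets cannot be written back.
func removeIrrelevantField(workload *unstructured.Unstructured) error {
	// Fields removed from every workload, in this order.
	generatedFields := [][]string{
		// Populated by Kubernetes.
		{"metadata", "creationTimestamp"},
		// Set by Kubernetes in case of graceful deletion; read-only and can't propagate to member clusters.
		{"metadata", "deletionTimestamp"},
		// Set by Kubernetes in case of graceful deletion; read-only and can't propagate to member clusters.
		{"metadata", "deletionGracePeriodSeconds"},
		// Populated by Kubernetes.
		{"metadata", "generation"},
		// Mostly internal housekeeping that users typically don't set; removed to keep 'Work' clean and tidy.
		{"metadata", "managedFields"},
		// Populated by Kubernetes.
		{"metadata", "resourceVersion"},
		// Populated by Kubernetes and deprecated by Kubernetes.
		{"metadata", "selfLink"},
		// Populated by Kubernetes.
		{"metadata", "uid"},
		// Owner references and status are dropped as well.
		{"metadata", "ownerReferences"},
		{"status"},
	}
	for _, path := range generatedFields {
		unstructured.RemoveNestedField(workload.Object, path...)
	}

	if workload.GetKind() == util.ServiceKind {
		// spec.clusterIP set to `None` means the user wants a headless service, so it must be kept.
		// The lookup error is ignored on purpose: a missing or non-string value leaves the field untouched.
		clusterIP, exist, _ := unstructured.NestedString(workload.Object, "spec", "clusterIP")
		if exist && clusterIP != corev1.ClusterIPNone {
			unstructured.RemoveNestedField(workload.Object, "spec", "clusterIP")
		}
	}

	if workload.GetKind() == util.JobKind {
		job, err := helper.ConvertToJob(workload)
		if err != nil {
			return err
		}

		// Only a selector that was not set manually has its generated labels removed.
		if job.Spec.ManualSelector == nil || !*job.Spec.ManualSelector {
			return removeGenerateSelectorOfJob(workload)
		}
	}

	if workload.GetKind() == util.ServiceAccountKind {
		// The lookup error is ignored on purpose: a 'secrets' value that is not a list is left as it is.
		secrets, exist, _ := unstructured.NestedSlice(workload.Object, "secrets")
		// If 'secrets' exists in ServiceAccount, remove the automatically generated secrets
		// (e.g. default-token-xxx).
		if exist && len(secrets) > 0 {
			tokenPrefix := fmt.Sprintf("%s-token-", workload.GetName())

			// Filter into the same backing array. Deleting while indexing forward skipped the entry that
			// followed each removed one, so two adjacent generated tokens left the second one in place.
			kept := secrets[:0]
			for _, item := range secrets {
				// Entries that are not objects, or whose name is absent or not a string, are kept unchanged
				// rather than asserted on; only well-formed generated token references are dropped.
				if ref, isObject := item.(map[string]interface{}); isObject {
					if name, isString := ref["name"].(string); isString && strings.HasPrefix(name, tokenPrefix) {
						continue
					}
				}
				kept = append(kept, item)
			}

			if err := unstructured.SetNestedSlice(workload.Object, kept, "secrets"); err != nil {
				return err
			}
		}
	}

	return nil
}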

// removeGenerateSelectorOfJob deletes the "controller-uid" label from spec.selector.matchLabels and the
// "controller-uid" and "job-name" labels from spec.template.metadata.labels of a Job workload, then writes
// the maps back. A label is only deleted when its value is non-empty. Either label map may be absent, in
// which case that part is skipped. Any error from reading or writing the nested maps is returned as is.
func removeGenerateSelectorOfJob(workload *unstructured.Unstructured) error {
	const (
		controllerUIDLabel = "controller-uid"
		jobNameLabel       = "job-name"
	)

	// Selector labels: only controller-uid is stripped here.
	selectorLabels, found, err := unstructured.NestedStringMap(workload.Object, "spec", "selector", "matchLabels")
	switch {
	case err != nil:
		return err
	case found:
		if util.GetLabelValue(selectorLabels, controllerUIDLabel) != "" {
			delete(selectorLabels, controllerUIDLabel)
		}
		if err := unstructured.SetNestedStringMap(workload.Object, selectorLabels, "spec", "selector", "matchLabels"); err != nil {
			return err
		}
	}

	// Pod template labels: both controller-uid and job-name are stripped.
	podLabels, found, err := unstructured.NestedStringMap(workload.Object, "spec", "template", "metadata", "labels")
	if err != nil {
		return err
	}
	if !found {
		return nil
	}
	for _, key := range []string{controllerUIDLabel, jobNameLabel} {
		if util.GetLabelValue(podLabels, key) != "" {
			delete(podLabels, key)
		}
	}
	return unstructured.SetNestedStringMap(workload.Object, podLabels, "spec", "template", "metadata", "labels")
}
